Consumers and businesses are targeted by similar cybercrime tactics, resulting in losses to the consumer credit card industry at $40.1bn globally in 2015, up 29% on the year before. As business finance moves online too, enterprises also become vulnerable, and business credit cards, payment portals and bank accounts are attacked with similar techniques.
Efforts to combat this can actually add to the problem. Rules-based systems for targeting fraud result in a high number of false positives — transactions that appear fraudulent but are not. Consumer and business user experience is damaged, money is lost and fraud is not prevented effectively.
There has to be a better way. Rules-based, non-smart systems are reactive, dealing with activities that resemble past crimes. They snare an unacceptable number of ordinary transactions, while minor changes in criminal behavior allow real fraud to go undetected. What’s needed is a system of combatting fraud that actually prevents fraud from taking place, rather than reacting to it, and that doesn’t lose $10bn a year to false positives.
Only machine learning can do this.
Machine learning identifies fraudsters by analysing usage patterns and flagging anomalies. Ajit Joakar, principal data scientist at Envision, says, ‘the goal of fraud prevention is to identify transactions which do not behave in the normal manner.’
To that end, basic machine learning is often implemented to make the current approach smarter and more effective – to augment, rather than to replace, rules-based reactive fraud detection systems.
‘Most fraud management systems on the market today work by looking for “bad” behaviour,’ says Oakhall; ‘in other words, they rely on pattern-matching against recognised past fraud types.’
That’s why when you spend more than usual, or take money out on holiday, your transaction raises red flags with your bank’s fraud detection equipment. It’s also why, if someone steals your credit card, they can often make a sizable number of small purchases on it before it gets flagged. In short, because the approach is similar, so are the results: fraud escapes detection while the system generates an unacceptably high number of false positives.
These rules-based systems can be effective. ‘For example,’ says data scientist Li Yang, ‘if a customer charges his credit card at a store in California but one hour later uses it again at an ATM in Germany, well, that can’t be right.’
But generally, they’re inaccurate and cumbersome. Correctly implemented, machine learning can do more.
Oakhall partner Jonathan Crossfield points out that, ‘incumbent systems can block 10 legitimate transactions for every fraudulent one identified and, with undetected fraud, cost the global card industry $31 billion in losses, operational costs and revenue lost to competitors.’
Fraud detection fails in two key areas: it doesn’t offer enough protection, and it constantly raises false positives that inconvenience consumers and cost businesses and financial institutions money.
Advanced machine learning seems tailor-made to solve this problem, using a different approach based on real-time fraud detection rather than on improving reactive pattern matching systems.
Machine learning doesn’t have to apply a one-size-fits-all approach to identifying fraudulent transactions. Instead, it can process and analyse a pattern of real user data in real time — sometimes referred to as ‘stream computing.’
Those results are significant in financial terms, as well as improving reputation and customer satisfaction.
Other results from the implementation of machine learning for fraud prevention have been even more stark.
Adaptive behavior analytics company Featurespace has seen its offering ‘reduce “genuine transactions declined” [false positives] by over 70% and incidence of undetected fraud by 25%.’
That’s a substantial improvement on previous efforts. But it’s not the end of the road for what machine learning can do for fraud prevention.
Even real-time analytics results in action being taken after the event. Swiss Fintech company NetGuardians plan to act predictively — to counter fraud almost before it happens, building on behavioral analytics by incorporating insights from criminology.
Head of R&D Jérôme Kehrli feels that even solutions supported by machine learning are disappointing, labelling them ‘primordial’ and claiming, ‘the current industry paradigm for machine learning and AI capabilities in fraud detection… [produces] too many false positives and too many valid transaction blockings.’
Some of the reason for that is data quality. Brandon Gregg, of Seagate data recovery, says, ‘if the data isn’t properly cleaned or grouped with other outside data, patterns and anomalies will be missed.’ Using AI to analyse existing data sets can’t solve that problem, but using natural language programming could relieve much of the need for data oversight and grouping.
Working closely with the interdisciplinary Institute for Information and Communication Technologies at HEIG-VD university, the NetGuardians team intends to combine psychological profiling with machine learning, creating a tool that can foresee the typical fraudster’s next move before they make it.
‘Understanding the fraudster’s psychology,’ says Kehrli, ‘improves precision of scoring to identify priority cases for fraud detection. Combined with advanced data analytics, criminology helps predict crime — and therefore prevent it.’
Current fraud prevention strategies are ineffective, inefficient — in short, they’re broken. Reactive systems frustrate legitimate users while allowing fraudsters free rein. The good news is that innovative solutions are in the pipeline to alter the whole way financial and other businesses detect fraudulent behavior.When sensitive, predictive or real-time systems are combined with psychological insight into fraudsters’ goals and actions, we should see fraud prevention become all but invisible — for everyone but the fraudsters.